Steam Password Exploit found, but it's fixed now

Steam Password Exploit found, but it's fixed now

Steam Password Exploit found, but it's fixed now

A Steam Exploit has been discovered which made it possible to access any Steam account with only the users Username. Thankfully it has been fixed now.

Below is a video showing how the exploit worked, showing that you Steam Account could be hacked using just your username. The authentication process which is used to change a users password could simply be ignored, so hackers could change you password and access your account with just your Username.

Those Using Valve's Steam Guard feature would be hacked by this feature, as the hacker would require access to your email in order to access your account on a new PC, even with the password change.

Below is a statement from Valve regarding this issue.

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience.

Any affected users should have been sent an email with a new password for their accounts. Please note that this exploit is now fixed, so you do not need to test it for yourself.

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date
on the latest technology reviews, competitions and goings-on at Overclock3D.
We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the
confirmation emails that will arrive in your e-mail shortly after to complete the registration.